How Risk Managers Can Stop the FTX Infection from Spreading

When the Financial Times published a leaked copy of FTX's balance sheet, the newspaper saw a financial hole. But regular readers of Risk.net will have noticed plenty of other danger signals.

Asset and liability underlyings were mismatched, with nearly $16 billion of unhedged market risk exposure. On-demand liabilities were financing illiquid trading assets, creating $7 billion of liquidity risk mismatch. Segregation between client assets and house assets seemed to be entirely missing. And the reporting format looked like the product of a business studies undergraduate rather than that of a multi-billion-dollar enterprise with a million creditors, suggesting FTX's finance function lacked the ability to produce daily reporting in line with today's professional standards.

And yet, with all these red flags flying, FTX raised $1.8 billion from sophisticated investors, who must have had access to its financial information and risk management parameters before committing funding. The investors agreed to a corporate structure that failed to include any independent external directors. They put in place an audit framework that failed to involve any recognised international accounting firm.

In Michael Lewis's biographical work The Undoing Project, he quotes the Nobel prize-winning psychologist and behavioural economist Daniel Kahneman saying: 'No one ever made a decision because of a number. They need a story.' Finance and risk management professionals with quantitative skills might think they are immune to story-telling. But Kahneman's work — as well as venture capitalists' and hedge funds' losses at FTX — shows that even risk managers can be infected.

Kahneman's findings remind us that risk management cannot live on numbers alone: to maintain integrity and rationality, risk management requires its own story, a story that reinforces rather than degrades its objectiveness and defends it against illusion and fraud.

Crypto-asset markets are no different. The risk management story is based on two principles: segregation and transparency.

Modern financial architecture is based around segregation of functions and funds. Today's central counterparties, which stand as principal to every trade, are separate from the order-books that match buyers and sellers, while both are separate from the custodians who hold members' or clients' assets. Neither the exchange nor the central counterparty runs proprietary trading positions.

This principle of segregation of functions and funds is so deeply embedded in today's financial infrastructure that it is often taken for granted. Perhaps this explains the lack of public comment on the number of crypto-asset exchanges that flout it. Client assets are frequently commingled with each other and with those of the exchange.

Intermingling of functions and funds means that the word 'exchange' in crypto-asset markets may be a misnomer. In the case of FTX, they led to a 'dance of death' with Alameda Research, an unlisted trading firm that was FTX's partner, founder, borrower, creditor, liquidity provider and venture capital arm combined.

FTX did not publish audited accounts. Most leading players in crypto-asset markets do not. Nor do the leading crypto-asset players publish details of their risk management standards, their risk policies, their balance-sheet risk positions, their financial and non-financial stress-tests and their risk appetite.

But, in the short term, if clients show the resolve to demand transparency and segregation from their crypto-asset service providers, and to turn away from providers that fail to meet these demands, the industry would be transformed. Market pressure can act more swiftly and more effectively than the regulator.